Exiv2 0.26 has an integer overflow in the LoaderExifJpeg class in preview.cpp, leading to an out-of-bounds read in Exiv2::MemIo::read in basicio.cpp. References: https://github.com/Exiv2/exiv2/issues/365 https://github.com/TeamSeri0us/pocs/blob/master/exiv2/1-out-of-read-Poc Patch: https://github.com/Exiv2/exiv2/commit/341de4500ab993103c215bfb07d43d4a08654ac4
Created exiv2 tracking bugs for this issue: Affects: fedora-all [bug 1590998]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2101 https://access.redhat.com/errata/RHSA-2019:2101
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-12265